Hi,
I'm using using auth_request to authenticate requests to my locations. I
have a working configuration but I noticed that the client is not
receiving all cookies set by the authentication server.
I'm using following syntax for setting the cookie:
auth_request_set $auth_cookie $upstream_http_set_cookie;
It seems that the variable $upstream_http_set_cookie only contains the
first cookie and not all cookies set by the upstream server.
Is this variable's behavior feature or is it a bug? Is there a
workaround for this?
I have tried using different solutions like using using the variable
$upstream_cookie_<name> for setting each cookie but this variable seems
to contain only the raw cookie value and doesn't include the flags, e.g.
expires, httponly. I thought about using lua but I'm thinking of giving
up with the lua route since it seems it would not be a good solution all
things considered.
Relevant part of the nginx configuration:
##################
location / {
auth_request /auth;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
try_files $uri @frontend;
}
location /auth {
internal;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header Host $host;
proxy_pass http://$server/api/authz;
}
##################
- Hannu
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
